Five tips that helped my business survive an encryption attack.
A new form of criminal extortion is becoming more prevalent in the internet age. No longer are business’s held to ransom by stereotypical thugs or criminals, today the internet is an open door of opportunity for extortionists. Recently my practice was the victim of one of these digital extortion attempts and I thought I might share five tips that we learned from the experience.
1. Train your staff
We were able to identify and stop the virus before it had caused much damage to our network and data due to one of our staff members raising the alarm. He noticed that his workstation was redirecting him to shopping websites while visiting Google and performed a virus scan on his computer which identified and removed the virus. Only later did we realise that it had been encrypting data on our server.
We will now ensure that identifying suspicious computer activity is part of our standard induction and training process. Data protection is everyone’s responsibility.
2. Use Redundant Data
More a funny observation than a real hint but we found that while undetected the virus worked systematically down the file structure in explorer, spending a lot of time encrypting over 60 gigabytes of data that was obsolete.
One strategy might be to have a drive with 100,000 tiny files to slow down the encryption process mapped to your A:\ drive to provide your team with the opportunity to identify the threat.
3. Restrict Data Access
The same thing happened to one of my friends and unfortunately all of his data and his backup was lost. As our attack was originating from a user’s workstation, the virus was unable to encrypt any of the data that employee did not have access too.
While a domain may seem like a large investment for a small business, it does provide significant security advantages.
4. Turn off Workstations and keep them updated.
If a workstation is running all night and a virus has not been detected it has the opportunity and time to cause you more damage. Simply turning off your workstation can reduce this risk. Also make sure all of the computers on your network are up to date and protected.
5. Back-up your data and keep a remote copy
Having a back-up system that backs-up you data every night is great, unless it copies all of the encrypted data over your nice clean backup. Always keep some backup data physically and digitally disconnected from the source.
While our experience had a happy ending, due to the training of our staff and our back-up procedures, these type of attacks can ruin a business and many people pay these criminals in a desperate attempt to retrieve their data.
If you have control of your data and know that your back-ups are secure and usable a nightmare can turn into an opportunity to write a LinkedIn post.
– Florian Heise
PS: Also for the other Revit using Architect’s the image is of our text keynote file.